OpenSSL DER cert and DER key to “combo” cert

Question

I have a certificate file in DER format and a key file also in DER format, the key is encrypted.

I would like to create a cer file containing both cert and encrypted key in PEM format, something like:

-----BEGIN CERTIFICATE-----
asdasdasd
-----END CERTIFICATE-----
-----BEGIN ENCRYPTED PRIVATE KEY-----
asdasdasd
-----END ENCRYPTED PRIVATE KEY-----

I can get the cert in PEM format with the following command:

openssl x509 -inform DER -in ./cert.cer -outform PEM

Also I can get the UNENCRYPTED key in PEM format with the command:

openssl pkcs8 -inform DER -in ./key.key -outform PEM -passin pass:WXYZ

This creates a file that starts with:

-----BEGIN RSA PRIVATE KEY-----

However I can not find a way to make it start with

-----BEGIN ENCRYPTED PRIVATE KEY-----

So that I can just concatenate both files and get the cert.

Do you know what can I do?

I'm new to openssl, what would be the difference between pcks8 and 12? — Talaveriux
Generally pkcs#12 is a container for holding private keys with their certificate signed public key. For more reference start with en.wikipedia.org/wiki/PKCS — MGorgon

Talaveriux Talaveriux · Accepted Answer · 2013-10-15T23:18:23

Thanks to MGorgon for pointing me to the right direction..

It seems that what I wanted is a PKCS12 file and was not aware of.

So I did this:

openssl x509 -inform DER -in ./c_d -outform PEM -out ./c_p
openssl pkcs8 -inform DER -in /k_d -outform PEM -passin pass:WXYZ -out ./k_u_p
openssl pkcs12 -export -inkey ./k_u_p -in ./c_p -passout pass:WXYZ -out ./c
openssl pkcs12 -passin pass:WXYZ -passout pass:WXYZ -in ./c -out ./c12

Hope this is correct.

OpenSSL DER cert and DER key to “combo” cert

1 Answers